Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:35:28, on 11.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\fulDC\DCPlusPlus.exe C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe C:\Program Files\RhinoSoft.com\Serv-U\ServUAdmin.exe C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\HJT\HiJackThis_v2.0.2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link 
Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ManualRun] "J:\AUTORUN\AutoRun" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve') O4 - 
HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190385572578 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} 
(MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{49D6CC5E-3680-40B3-A8B4-911A881C9829}: NameServer = 213.139.190.3 212.50.131.153 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- End of file - 7763 bytes
Hi, nothing remarkable in the log...

Run a new HJT scan (Do a System scan only). Close all other windows and the browser. Check these lines and press Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ManualRun] "J:\AUTORUN\AutoRun"

Download CCleaner here
*During installation, untick the "install Yahoo! toolbar" option.
*After installation, open CCleaner.
*Select Options from the column on the left.
*Select Settings from the adjacent column.
*Under Language, select Suomi.

Cleaner (Puhdistaja)
*Select Puhdistaja from the column on the left.
*Press Tutki at the bottom. CCleaner now analyzes what can be removed (temp files, cookies, etc.).
*When the analysis is finished, press Aja CCleaner. CCleaner now removes the temp files, cookies, etc. that it found.

Fixing registry errors
*Select Virheet from the column on the left.
*Press Etsi rekisterin virheitä at the bottom.
*When the search is finished and you are sure you want to fix the lines that are checked, press Korjaa valitut rekisterin virheet.
*You will be asked "do you want to back up the changes to the registry"; press Kyllä (Yes). Save the backup to, for example, the "Omat tiedostot" (My Documents) folder.
*In the new window that opens, click Korjaa kaikki valitut virheet.
*You will get one more confirmation prompt; press Ok.
*When the errors have been fixed, press Sulje.
*You can now close CCleaner by pressing the red cross at the top right.

Scan your computer with Kaspersky Online Scanner
Use Internet Explorer.
You will be asked whether you allow an ActiveX component from Kaspersky to be installed; click Yes.
The program starts and begins downloading the latest definition files.
When the scanner has been installed and the definitions downloaded, click Next.
Now click the settings, Scan Settings.
Check in the settings that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (if available, otherwise select Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK.
Now, under the heading "select a target to scan", select My Computer.
The scan takes time, so be patient.
When the scan is finished you will be notified if your computer is infected.
Now click the Save as Text button.
Save the file to your desktop.
Copy and paste the contents of the file into your next reply.

Send the Kaspersky log and a new HJT log.
------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Monday, November 12, 2007 5:56:11 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 12/11/2007 Kaspersky Anti-Virus database records: 456537 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ L:\ Scan Statistics: Total number of scanned objects: 110502 Number of viruses found: 7 Number of infected objects: 23 Number of suspicious objects: 0 Duration of the scan process: 01:36:36 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local 
Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Rydy\Application Data\Mozilla\Firefox\Profiles\yudxl8b0.default\cert8.db Object is locked skipped C:\Documents and Settings\Rydy\Application Data\Mozilla\Firefox\Profiles\yudxl8b0.default\formhistory.dat Object is locked skipped C:\Documents and Settings\Rydy\Application Data\Mozilla\Firefox\Profiles\yudxl8b0.default\history.dat Object is locked skipped C:\Documents and Settings\Rydy\Application Data\Mozilla\Firefox\Profiles\yudxl8b0.default\key3.db Object is locked skipped C:\Documents and Settings\Rydy\Application Data\Mozilla\Firefox\Profiles\yudxl8b0.default\parent.lock Object is locked skipped C:\Documents and Settings\Rydy\Application Data\Mozilla\Firefox\Profiles\yudxl8b0.default\search.sqlite Object is locked skipped C:\Documents and Settings\Rydy\Application Data\Mozilla\Firefox\Profiles\yudxl8b0.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\Rydy\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Application Data\Microsoft\Windows Live Contacts\ton1ry@jippii.fi\real\members.stg Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Application Data\Microsoft\Windows Live Contacts\ton1ry@jippii.fi\shadow\members.stg Object 
is locked skipped C:\Documents and Settings\Rydy\Local Settings\Application Data\Mozilla\Firefox\Profiles\yudxl8b0.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Application Data\Mozilla\Firefox\Profiles\yudxl8b0.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Application Data\Mozilla\Firefox\Profiles\yudxl8b0.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Application Data\Mozilla\Firefox\Profiles\yudxl8b0.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Sivuhistoria\History.IE5\MSHist012007111120071112\index.dat Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Temp\~DF6AC5.tmp Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Temp\~DF6B15.tmp Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Temp\~DF7A91.tmp Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Temp\~DF7AA2.tmp Object is locked skipped C:\Documents and Settings\Rydy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Rydy\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Rydy\ntuser.dat.LOG Object is locked skipped C:\Program Files\fulDC\DCPlusPlus.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\error.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\error.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\hips.log Object is locked skipped C:\Program Files\Kerio\Personal 
Firewall 4\logs\hips.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\network.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\network.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\system.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\system.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log.idx Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\web.log Object is locked skipped C:\Program Files\Kerio\Personal Firewall 4\logs\web.log.idx Object is locked skipped C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6200 skipped C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6200 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{EC8CEB1E-52FB-4129-922A-A3BD2557BF16}\RP127\A0016943.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6200 skipped C:\System Volume Information\_restore{EC8CEB1E-52FB-4129-922A-A3BD2557BF16}\RP130\A0018036.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6200 skipped C:\System Volume Information\_restore{EC8CEB1E-52FB-4129-922A-A3BD2557BF16}\RP130\A0018037.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6200 skipped C:\System Volume Information\_restore{EC8CEB1E-52FB-4129-922A-A3BD2557BF16}\RP171\A0020143.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6200 skipped C:\System Volume Information\_restore{EC8CEB1E-52FB-4129-922A-A3BD2557BF16}\RP172\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked 
skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped 
C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\Ohjelmat\Cyberlink.PowerDVD.Ultra.Deluxe.v7.4.Multilingual.Incl.Keygen-ViRiLiTY\Setup.exe/crack.exe Infected: Backdoor.Win32.Rbot.adf skipped D:\Ohjelmat\Cyberlink.PowerDVD.Ultra.Deluxe.v7.4.Multilingual.Incl.Keygen-ViRiLiTY\Setup.exe CAB: infected - 1 skipped D:\Ohjelmat\Serv-U.FTP.Server.v6.2.0.1.Corporate.Edition.WinALL.CRACKED-MiNT\m-su620b.zip/G:/Juarez/0-DAY/Serv-U.FTP.Server.v6.2.0.1.Corporate.Edition.WinALL.CRACKED-MiNT/m-su6201.r00/ServUDaemon.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6200 skipped D:\Ohjelmat\Serv-U.FTP.Server.v6.2.0.1.Corporate.Edition.WinALL.CRACKED-MiNT\m-su620b.zip/G:/Juarez/0-DAY/Serv-U.FTP.Server.v6.2.0.1.Corporate.Edition.WinALL.CRACKED-MiNT/m-su6201.r00 Infected: not-a-virus:Server-FTP.Win32.Serv-U.6200 skipped D:\Ohjelmat\Serv-U.FTP.Server.v6.2.0.1.Corporate.Edition.WinALL.CRACKED-MiNT\m-su620b.zip ZIP: infected - 2 skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{22E4D120-F0BE-4138-BEE3-CEE246EDD8FF}\RP657\A0075703.exe Infected: not-a-virus:Client-P2P.Win32.Winny.2b66 skipped D:\System Volume Information\_restore{22E4D120-F0BE-4138-BEE3-CEE246EDD8FF}\RP661\A0076021.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped D:\System Volume Information\_restore{22E4D120-F0BE-4138-BEE3-CEE246EDD8FF}\RP661\A0076021.exe mIRC: infected - 1 skipped D:\System Volume Information\_restore{22E4D120-F0BE-4138-BEE3-CEE246EDD8FF}\RP661\A0076064.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped D:\System Volume Information\_restore{22E4D120-F0BE-4138-BEE3-CEE246EDD8FF}\RP661\A0076064.exe mIRC: infected - 1 skipped D:\System Volume Information\_restore{22E4D120-F0BE-4138-BEE3-CEE246EDD8FF}\RP668\A0081322.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped D:\System Volume 
Information\_restore{22E4D120-F0BE-4138-BEE3-CEE246EDD8FF}\RP668\A0081322.exe mIRC: infected - 1 skipped D:\System Volume Information\_restore{22E4D120-F0BE-4138-BEE3-CEE246EDD8FF}\RP696\A0083932.exe/run.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped D:\System Volume Information\_restore{22E4D120-F0BE-4138-BEE3-CEE246EDD8FF}\RP696\A0083932.exe ZIP: infected - 1 skipped D:\System Volume Information\_restore{24326F5F-D293-4A4E-B9CF-43577DB17B97}\RP11\A0004817.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.sh skipped D:\System Volume Information\_restore{24326F5F-D293-4A4E-B9CF-43577DB17B97}\RP11\A0004817.exe ZIP: infected - 1 skipped D:\System Volume Information\_restore{24326F5F-D293-4A4E-B9CF-43577DB17B97}\RP4\A0004202.exe Object is locked skipped D:\System Volume Information\_restore{51DBA108-299A-4C0E-94A2-7B600AECE3A4}\RP513\A0065968.exe Object is locked skipped D:\System Volume Information\_restore{EC8CEB1E-52FB-4129-922A-A3BD2557BF16}\RP172\change.log Object is locked skipped E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped E:\System Volume Information\_restore{EC8CEB1E-52FB-4129-922A-A3BD2557BF16}\RP172\change.log Object is locked skipped F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped F:\System Volume Information\_restore{EC8CEB1E-52FB-4129-922A-A3BD2557BF16}\RP172\change.log Object is locked skipped F:\System Volume Information\_restore{EC8CEB1E-52FB-4129-922A-A3BD2557BF16}\RP68\A0011785.exe Object is locked skipped G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped G:\System Volume Information\_restore{EC8CEB1E-52FB-4129-922A-A3BD2557BF16}\RP172\change.log Object is locked skipped H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped H:\System Volume Information\_restore{EC8CEB1E-52FB-4129-922A-A3BD2557BF16}\RP172\change.log Object is locked skipped I:\System Volume 
Information\MountPointManagerRemoteDatabase Object is locked skipped I:\System Volume Information\_restore{EC8CEB1E-52FB-4129-922A-A3BD2557BF16}\RP172\change.log Object is locked skipped Scan process completed. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:13:38, on 12.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe C:\Program Files\RhinoSoft.com\Serv-U\ServUAdmin.exe C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE 
C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT\HiJackThis_v2.0.2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen 
palve') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - 
http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190385572578 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{45520E16-F91A-4AC5-9EAE-C4964C643E60}: NameServer = 82.209.169.71 82.209.169.72 O17 - HKLM\System\CCS\Services\Tcpip\..\{49D6CC5E-3680-40B3-A8B4-911A881C9829}: NameServer = 213.139.190.3 212.50.131.153 O17 - HKLM\System\CS1\Services\Tcpip\..\{45520E16-F91A-4AC5-9EAE-C4964C643E60}: NameServer = 82.209.169.71 82.209.169.72 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- End of file - 8057 bytes
Yep, delete these:

D:\Ohjelmat\Cyberlink.PowerDVD.Ultra.Deluxe.v7.4.Multilingual.Incl.Keygen-ViRiLiTY
D:\Ohjelmat\Serv-U.FTP.Server.v6.2.0.1.Corporate.Edition.WinALL.CRACKED-MiNT\m-su620b.zip ZIP

It's not worth using keygens and cracks; they are quite often viruses.

Download and save Blacklight to your desktop. Double-click fsbl.exe, accept the agreement, click > Scan, then > Next.
You will see a list of everything that was found. A log named fsbl.xxxxxxx.log will also appear on your desktop (the xxxxxxx will most likely be numbers).
Copy and paste this log into your next reply.
Do not choose the "Rename" option yet! We want to see the log first, because good files may be included, such as "wbemtest.exe".

Also send a new HJT log + the Blacklight log.
Blacklight didn't find anything... here's the log from it anyway.

11/12/07 16:09:32 [Info]: BlackLight Engine 1.0.67 initialized
11/12/07 16:09:32 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/12/07 16:09:33 [Note]: 7019 4
11/12/07 16:09:33 [Note]: 7005 0
11/12/07 16:09:40 [Note]: 7006 0
11/12/07 16:09:40 [Note]: 7011 1936
11/12/07 16:09:40 [Note]: 7026 0
11/12/07 16:09:40 [Note]: 7026 0
11/12/07 16:09:43 [Note]: FSRAW library version 1.7.1024
11/12/07 16:19:51 [Note]: 2000 1012
11/12/07 16:20:59 [Note]: 7007 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:04, on 12.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUAdmin.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HiJackThis_v2.0.2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190385572578
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45520E16-F91A-4AC5-9EAE-C4964C643E60}: NameServer = 82.209.169.71 82.209.169.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{49D6CC5E-3680-40B3-A8B4-911A881C9829}: NameServer = 213.139.190.3 212.50.131.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{45520E16-F91A-4AC5-9EAE-C4964C643E60}: NameServer = 82.209.169.71 82.209.169.72
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 8009 bytes
Not right at the moment... From time to time that wmiprvse.exe has usually started acting up; today it hasn't, at least not yet. Thank you kindly!